Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wurb-q3hs-qqad
Summary The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
Aliases
0
alias CVE-2024-11275
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-11275
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33152
published_at 2026-06-07T12:55:00Z
1
value 0.00135
scoring_system epss
scoring_elements 0.3314
published_at 2026-06-09T12:55:00Z
2
value 0.00135
scoring_system epss
scoring_elements 0.3312
published_at 2026-06-08T12:55:00Z
3
value 0.00135
scoring_system epss
scoring_elements 0.33176
published_at 2026-06-05T12:55:00Z
4
value 0.00135
scoring_system epss
scoring_elements 0.3319
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-11275
1
reference_url https://plugins.trac.wordpress.org/browser/timetics/trunk/core/customers/api-customer.php#L308
reference_id api-customer.php#L308
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T21:14:54Z/
url https://plugins.trac.wordpress.org/browser/timetics/trunk/core/customers/api-customer.php#L308
2
reference_url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206505%40timetics&new=3206505%40timetics&sfp_email=&sfph_mail=#file199
reference_id changeset?sfp_email=&sfph_mail=&reponame=&old=3206505%40timetics&new=3206505%40timetics&sfp_email=&sfph_mail=#file199
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T21:14:54Z/
url https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206505%40timetics&new=3206505%40timetics&sfp_email=&sfph_mail=#file199
3
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/d68e250e-d850-4100-81db-3e3c48a3a4a1?source=cve
reference_id d68e250e-d850-4100-81db-3e3c48a3a4a1?source=cve
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T21:14:54Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/d68e250e-d850-4100-81db-3e3c48a3a4a1?source=cve
Weaknesses
0
cwe_id 639
name Authorization Bypass Through User-Controlled Key
description The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Exploits
Severity_range_score 4.3 - 4.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wurb-q3hs-qqad